Nordic stack and drivers for the mbed BLE API
Fork of nRF51822 by
TARGET_MCU_NRF51822/sdk/source/libraries/bootloader_dfu/dfu_init.h@640:c90ae1400bf2, 2016-09-14 (annotated)
- Committer:
- Vincent Coubard
- Date:
- Wed Sep 14 14:39:43 2016 +0100
- Revision:
- 640:c90ae1400bf2
Sync with bdab10dc0f90748b6989c8b577771bb403ca6bd8 from ARMmbed/mbed-os.
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
Vincent Coubard |
640:c90ae1400bf2 | 1 | /* |
Vincent Coubard |
640:c90ae1400bf2 | 2 | * Copyright (c) Nordic Semiconductor ASA |
Vincent Coubard |
640:c90ae1400bf2 | 3 | * All rights reserved. |
Vincent Coubard |
640:c90ae1400bf2 | 4 | * |
Vincent Coubard |
640:c90ae1400bf2 | 5 | * Redistribution and use in source and binary forms, with or without modification, |
Vincent Coubard |
640:c90ae1400bf2 | 6 | * are permitted provided that the following conditions are met: |
Vincent Coubard |
640:c90ae1400bf2 | 7 | * |
Vincent Coubard |
640:c90ae1400bf2 | 8 | * 1. Redistributions of source code must retain the above copyright notice, this |
Vincent Coubard |
640:c90ae1400bf2 | 9 | * list of conditions and the following disclaimer. |
Vincent Coubard |
640:c90ae1400bf2 | 10 | * |
Vincent Coubard |
640:c90ae1400bf2 | 11 | * 2. Redistributions in binary form must reproduce the above copyright notice, this |
Vincent Coubard |
640:c90ae1400bf2 | 12 | * list of conditions and the following disclaimer in the documentation and/or |
Vincent Coubard |
640:c90ae1400bf2 | 13 | * other materials provided with the distribution. |
Vincent Coubard |
640:c90ae1400bf2 | 14 | * |
Vincent Coubard |
640:c90ae1400bf2 | 15 | * 3. Neither the name of Nordic Semiconductor ASA nor the names of other |
Vincent Coubard |
640:c90ae1400bf2 | 16 | * contributors to this software may be used to endorse or promote products |
Vincent Coubard |
640:c90ae1400bf2 | 17 | * derived from this software without specific prior written permission. |
Vincent Coubard |
640:c90ae1400bf2 | 18 | * |
Vincent Coubard |
640:c90ae1400bf2 | 19 | * |
Vincent Coubard |
640:c90ae1400bf2 | 20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
Vincent Coubard |
640:c90ae1400bf2 | 21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
Vincent Coubard |
640:c90ae1400bf2 | 22 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
Vincent Coubard |
640:c90ae1400bf2 | 23 | * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR |
Vincent Coubard |
640:c90ae1400bf2 | 24 | * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
Vincent Coubard |
640:c90ae1400bf2 | 25 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
Vincent Coubard |
640:c90ae1400bf2 | 26 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON |
Vincent Coubard |
640:c90ae1400bf2 | 27 | * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
Vincent Coubard |
640:c90ae1400bf2 | 28 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
Vincent Coubard |
640:c90ae1400bf2 | 29 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
Vincent Coubard |
640:c90ae1400bf2 | 30 | * |
Vincent Coubard |
640:c90ae1400bf2 | 31 | */ |
Vincent Coubard |
640:c90ae1400bf2 | 32 | |
Vincent Coubard |
640:c90ae1400bf2 | 33 | /**@file |
Vincent Coubard |
640:c90ae1400bf2 | 34 | * |
Vincent Coubard |
640:c90ae1400bf2 | 35 | * @defgroup nrf_dfu_init Init packet handling in DFU |
Vincent Coubard |
640:c90ae1400bf2 | 36 | * @{ |
Vincent Coubard |
640:c90ae1400bf2 | 37 | * |
Vincent Coubard |
640:c90ae1400bf2 | 38 | * @brief Device Firmware Update module type and function declaration for init packet handling. |
Vincent Coubard |
640:c90ae1400bf2 | 39 | * |
Vincent Coubard |
640:c90ae1400bf2 | 40 | * @details This header contains basic functionality for performing safety checks on software |
Vincent Coubard |
640:c90ae1400bf2 | 41 | * updates for \nRFXX based devices. It provides a skeleton for pre-checking an init packet |
Vincent Coubard |
640:c90ae1400bf2 | 42 | * to ensure the following image is compatible with this device. A safety check should |
Vincent Coubard |
640:c90ae1400bf2 | 43 | * always be performed to prevent accidental flashing of unsupported applications or a |
Vincent Coubard |
640:c90ae1400bf2 | 44 | * wrong combination of application and SoftDevice. |
Vincent Coubard |
640:c90ae1400bf2 | 45 | * The device information contains information such as: |
Vincent Coubard |
640:c90ae1400bf2 | 46 | * - Device type (2 bytes), for example Heart Rate. The device type is a number defined by |
Vincent Coubard |
640:c90ae1400bf2 | 47 | * the customer. It can be located in UICR or FICR. |
Vincent Coubard |
640:c90ae1400bf2 | 48 | * - Device revision (2 bytes), for example major revision 1, minor revision 0. The device |
Vincent Coubard |
640:c90ae1400bf2 | 49 | * revision is a number defined by the customer. It can be located in UICR or FICR. |
Vincent Coubard |
640:c90ae1400bf2 | 50 | * - List of SoftDevices supported by this application, for example |
Vincent Coubard |
640:c90ae1400bf2 | 51 | * 0x0049 = S110v6_0_0 |
Vincent Coubard |
640:c90ae1400bf2 | 52 | * 0xFFFE = S110 development (any SoftDevice accepted), |
Vincent Coubard |
640:c90ae1400bf2 | 53 | * - CRC or hash of firmware image |
Vincent Coubard |
640:c90ae1400bf2 | 54 | * |
Vincent Coubard |
640:c90ae1400bf2 | 55 | * @note This module does not support security features such as image signing, but the corresponding |
Vincent Coubard |
640:c90ae1400bf2 | 56 | * implementation allows for such extensions. |
Vincent Coubard |
640:c90ae1400bf2 | 57 | * If the init packet is signed by a trusted source, it must be decrypted before it can be |
Vincent Coubard |
640:c90ae1400bf2 | 58 | * processed. |
Vincent Coubard |
640:c90ae1400bf2 | 59 | */ |
Vincent Coubard |
640:c90ae1400bf2 | 60 | |
Vincent Coubard |
640:c90ae1400bf2 | 61 | #ifndef DFU_INIT_H__ |
Vincent Coubard |
640:c90ae1400bf2 | 62 | #define DFU_INIT_H__ |
Vincent Coubard |
640:c90ae1400bf2 | 63 | |
Vincent Coubard |
640:c90ae1400bf2 | 64 | #include <stdint.h> |
Vincent Coubard |
640:c90ae1400bf2 | 65 | #include "nrf.h" |
Vincent Coubard |
640:c90ae1400bf2 | 66 | |
Vincent Coubard |
640:c90ae1400bf2 | 67 | /**@brief Structure contained in an init packet. Contains information on device type, revision, and |
Vincent Coubard |
640:c90ae1400bf2 | 68 | * supported SoftDevices. |
Vincent Coubard |
640:c90ae1400bf2 | 69 | */ |
Vincent Coubard |
640:c90ae1400bf2 | 70 | typedef struct |
Vincent Coubard |
640:c90ae1400bf2 | 71 | { |
Vincent Coubard |
640:c90ae1400bf2 | 72 | uint16_t device_type; /**< Device type (2 bytes), for example Heart Rate. This number must be defined by the customer before production. It can be located in UICR or FICR. */ |
Vincent Coubard |
640:c90ae1400bf2 | 73 | uint16_t device_rev; /**< Device revision (2 bytes), for example major revision 1, minor revision 0. This number must be defined by the customer before production. It can be located in UICR or FICR. */ |
Vincent Coubard |
640:c90ae1400bf2 | 74 | uint32_t app_version; /**< Application version for the image software. This field allows for additional checking, for example ensuring that a downgrade is not allowed. */ |
Vincent Coubard |
640:c90ae1400bf2 | 75 | uint16_t softdevice_len; /**< Number of different SoftDevice revisions compatible with this application. The list of SoftDevice firmware IDs is defined in @ref softdevice. */ |
Vincent Coubard |
640:c90ae1400bf2 | 76 | uint16_t softdevice[1]; /**< Variable length array of SoftDevices compatible with this application. The length of the array is specified in the length field. SoftDevice firmware id 0xFFFE indicates any SoftDevice. */ |
Vincent Coubard |
640:c90ae1400bf2 | 77 | } dfu_init_packet_t; |
Vincent Coubard |
640:c90ae1400bf2 | 78 | |
Vincent Coubard |
640:c90ae1400bf2 | 79 | /**@brief Structure holding basic device information settings. |
Vincent Coubard |
640:c90ae1400bf2 | 80 | */ |
Vincent Coubard |
640:c90ae1400bf2 | 81 | typedef struct |
Vincent Coubard |
640:c90ae1400bf2 | 82 | { |
Vincent Coubard |
640:c90ae1400bf2 | 83 | uint16_t device_type; /**< Device type (2 bytes), for example Heart Rate. This number must be defined by the customer before production. It can be located in UICR or FICR. */ |
Vincent Coubard |
640:c90ae1400bf2 | 84 | uint16_t device_rev; /**< Device revision (2 bytes), for example major revision 1, minor revision 0. This number must be defined by the customer before production. It can be located in UICR or FICR. */ |
Vincent Coubard |
640:c90ae1400bf2 | 85 | } dfu_device_info_t; |
Vincent Coubard |
640:c90ae1400bf2 | 86 | |
Vincent Coubard |
640:c90ae1400bf2 | 87 | /** The device info offset can be modified to place the device info settings at a different location. |
Vincent Coubard |
640:c90ae1400bf2 | 88 | * If the customer reserved UICR location is used for other application specific data, the offset |
Vincent Coubard |
640:c90ae1400bf2 | 89 | * must be updated to avoid collision with that data. |
Vincent Coubard |
640:c90ae1400bf2 | 90 | */ |
Vincent Coubard |
640:c90ae1400bf2 | 91 | /** [DFU UICR DEV offset] */ |
Vincent Coubard |
640:c90ae1400bf2 | 92 | #define UICR_CUSTOMER_DEVICE_INFO_OFFSET 0x0 /**< Device info offset inside the customer UICR reserved area. Customers may change this value to place the device information in a user-preferred location. */ |
Vincent Coubard |
640:c90ae1400bf2 | 93 | /** [DFU UICR DEV offset] */ |
Vincent Coubard |
640:c90ae1400bf2 | 94 | |
Vincent Coubard |
640:c90ae1400bf2 | 95 | #define UICR_CUSTOMER_RESERVED_OFFSET 0x80 /**< Customer reserved area in the UICR. The area from UICR + 0x80 is reserved for customer usage. */ |
Vincent Coubard |
640:c90ae1400bf2 | 96 | #define DFU_DEVICE_INFO_BASE (NRF_UICR_BASE + \ |
Vincent Coubard |
640:c90ae1400bf2 | 97 | UICR_CUSTOMER_RESERVED_OFFSET + \ |
Vincent Coubard |
640:c90ae1400bf2 | 98 | UICR_CUSTOMER_DEVICE_INFO_OFFSET) /**< The device information base address inside of UICR. */ |
Vincent Coubard |
640:c90ae1400bf2 | 99 | #define DFU_DEVICE_INFO ((dfu_device_info_t *)DFU_DEVICE_INFO_BASE) /**< The memory mapped structure for device information data. */ |
Vincent Coubard |
640:c90ae1400bf2 | 100 | |
Vincent Coubard |
640:c90ae1400bf2 | 101 | #define DFU_DEVICE_TYPE_EMPTY ((uint16_t)0xFFFF) /**< Mask indicating no device type is present in UICR. 0xFFFF is default flash pattern when not written with data. */ |
Vincent Coubard |
640:c90ae1400bf2 | 102 | #define DFU_DEVICE_REVISION_EMPTY ((uint16_t)0xFFFF) /**< Mask indicating no device revision is present in UICR. 0xFFFF is default flash pattern when not written with data. */ |
Vincent Coubard |
640:c90ae1400bf2 | 103 | #define DFU_SOFTDEVICE_ANY ((uint16_t)0xFFFE) /**< Mask indicating that any SoftDevice is allowed for updating this application. Allows for easy development. Not to be used in production images. */ |
Vincent Coubard |
640:c90ae1400bf2 | 104 | |
Vincent Coubard |
640:c90ae1400bf2 | 105 | |
Vincent Coubard |
640:c90ae1400bf2 | 106 | /**@brief DFU prevalidate call for pre-checking the received init packet. |
Vincent Coubard |
640:c90ae1400bf2 | 107 | * |
Vincent Coubard |
640:c90ae1400bf2 | 108 | * @details Pre-validation will safety check the firmware image to be transfered in second stage. |
Vincent Coubard |
640:c90ae1400bf2 | 109 | * The function currently checks the device type, device revision, application firmware |
Vincent Coubard |
640:c90ae1400bf2 | 110 | * version, and supported SoftDevices. More checks should be added according to |
Vincent Coubard |
640:c90ae1400bf2 | 111 | * customer-specific requirements. |
Vincent Coubard |
640:c90ae1400bf2 | 112 | * |
Vincent Coubard |
640:c90ae1400bf2 | 113 | * @param[in] p_init_data Pointer to the init packet. If the init packet is encrypted or signed, |
Vincent Coubard |
640:c90ae1400bf2 | 114 | * it must first be decrypted before being checked. |
Vincent Coubard |
640:c90ae1400bf2 | 115 | * @param[in] init_data_len Length of the init data. |
Vincent Coubard |
640:c90ae1400bf2 | 116 | * |
Vincent Coubard |
640:c90ae1400bf2 | 117 | * @retval NRF_SUCCESS If the pre-validation succeeded, that means the image is |
Vincent Coubard |
640:c90ae1400bf2 | 118 | * supported by the device and it is considered to come from a |
Vincent Coubard |
640:c90ae1400bf2 | 119 | * trusted source (signing). |
Vincent Coubard |
640:c90ae1400bf2 | 120 | * @retval NRF_ERROR_INVALID_DATA If the pre-validation failed, that means the image is not |
Vincent Coubard |
640:c90ae1400bf2 | 121 | * supported by the device or comes from an un-trusted source |
Vincent Coubard |
640:c90ae1400bf2 | 122 | * (signing). |
Vincent Coubard |
640:c90ae1400bf2 | 123 | * @retval NRF_ERROR_INVALID_LENGTH If the size of the init packet is not within the limits of |
Vincent Coubard |
640:c90ae1400bf2 | 124 | * the init packet handler. |
Vincent Coubard |
640:c90ae1400bf2 | 125 | */ |
Vincent Coubard |
640:c90ae1400bf2 | 126 | uint32_t dfu_init_prevalidate(uint8_t * p_init_data, uint32_t init_data_len); |
Vincent Coubard |
640:c90ae1400bf2 | 127 | |
Vincent Coubard |
640:c90ae1400bf2 | 128 | /**@brief DFU postvalidate call for post-checking the received image using the init packet. |
Vincent Coubard |
640:c90ae1400bf2 | 129 | * |
Vincent Coubard |
640:c90ae1400bf2 | 130 | * @details Post-validation can verify the integrity check the firmware image received before |
Vincent Coubard |
640:c90ae1400bf2 | 131 | * activating the image. |
Vincent Coubard |
640:c90ae1400bf2 | 132 | * Checks performed can be: |
Vincent Coubard |
640:c90ae1400bf2 | 133 | * - A simple CRC as shown in the corresponding implementation of this API in the file |
Vincent Coubard |
640:c90ae1400bf2 | 134 | * dfu_init_template.c |
Vincent Coubard |
640:c90ae1400bf2 | 135 | * - A hash for better verification of the image. |
Vincent Coubard |
640:c90ae1400bf2 | 136 | * - A signature to ensure the image originates from a trusted source. |
Vincent Coubard |
640:c90ae1400bf2 | 137 | * Checks are intended to be expanded for customer-specific requirements. |
Vincent Coubard |
640:c90ae1400bf2 | 138 | * |
Vincent Coubard |
640:c90ae1400bf2 | 139 | * @param[in] p_image Pointer to the received image. The init data provided in the call |
Vincent Coubard |
640:c90ae1400bf2 | 140 | * \ref dfu_init_prevalidate will be used for validating the image. |
Vincent Coubard |
640:c90ae1400bf2 | 141 | * @param[in] image_len Length of the image data. |
Vincent Coubard |
640:c90ae1400bf2 | 142 | * |
Vincent Coubard |
640:c90ae1400bf2 | 143 | * @retval NRF_SUCCESS If the post-validation succeeded, that meant the integrity of the |
Vincent Coubard |
640:c90ae1400bf2 | 144 | * image has been verified and the image originates from a trusted |
Vincent Coubard |
640:c90ae1400bf2 | 145 | * source (signing). |
Vincent Coubard |
640:c90ae1400bf2 | 146 | * @retval NRF_ERROR_INVALID_DATA If the post-validation failed, that meant the post check of the |
Vincent Coubard |
640:c90ae1400bf2 | 147 | * image failed such as the CRC is not matching the image transfered |
Vincent Coubard |
640:c90ae1400bf2 | 148 | * or the verification of the image fails (signing). |
Vincent Coubard |
640:c90ae1400bf2 | 149 | */ |
Vincent Coubard |
640:c90ae1400bf2 | 150 | uint32_t dfu_init_postvalidate(uint8_t * p_image, uint32_t image_len); |
Vincent Coubard |
640:c90ae1400bf2 | 151 | |
Vincent Coubard |
640:c90ae1400bf2 | 152 | #endif // DFU_INIT_H__ |
Vincent Coubard |
640:c90ae1400bf2 | 153 | |
Vincent Coubard |
640:c90ae1400bf2 | 154 | /**@} */ |